Key management
You can use Amazon Identity and Access Management (IAM) with Amazon Glue to define users, Amazon resources, groups, roles and fine-grained policies regarding access, denial, and more.
You can define the access to the metadata using both resource-based and identity-based policies, depending on your organization’s needs. Resource-based policies list the principals that are allowed or denied access to your resources, allowing you to set up policies such as cross-account access. Identity policies are specifically attached to users, groups, and roles within IAM.
For a step-by-step example, see Restrict access to your Amazon Glue Data Catalog with resource-level IAM permissions and resource-based policies.
The fine-grained access portion of the policy is defined within the Resource clause. This portion defines both the Amazon Glue Data Catalog object that the action can be performed on, and what resulting objects get returned by that operation.
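The following is an added example, not taken from the Amazon Glue documentation: an identity-based policy whose Resource clause scopes read access to a subset of tables, with a small checker that shows which Data Catalog ARNs that clause covers. The partition, region, account ID, database and table names are constructed placeholders, and the matcher is a simplified model of IAM wildcard matching (Allow statements only; no Deny, Condition or resource-based policies).

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders: partition, region, account ID, database, table names.
BASE = "arn:aws-cn:glue:cn-north-1:111122223333"

# Identity-based policy: read-only access to tables prefixed "sales_" in db1.
# The catalog and database ARNs are listed alongside the table pattern because
# a table lives inside both of those Data Catalog objects.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["glue:GetTable", "glue:GetTables"],
        "Resource": [
            f"{BASE}:catalog",
            f"{BASE}:database/db1",
            f"{BASE}:table/db1/sales_*",
        ],
    }],
}

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def covered(policy, action, arn):
    """True if an Allow statement names the action and a Resource pattern matches arn."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are matched case-insensitively; ARNs are case-sensitive.
        actions = [a.lower() for a in as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        if any(fnmatchcase(arn, r) for r in as_list(stmt["Resource"])):
            return True
    return False

def visible_tables(policy, action, table_arns):
    """Subset of table ARNs that the policy's Resource clause covers for action."""
    return [arn for arn in table_arns if covered(policy, action, arn)]

if __name__ == "__main__":
    tables = [f"{BASE}:table/db1/sales_2023", f"{BASE}:table/db1/hr_salaries",
              f"{BASE}:table/db2/sales_2023"]
    print(json.dumps(POLICY, indent=2))
    print(visible_tables(POLICY, "glue:GetTables", tables))
```

Replacing the table pattern with `table/db1/*` or `*` widens the covered set, which is the usual way a Resource clause ends up granting more of the catalog than intended.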
A development endpoint is an environment that you can use to develop and test your Amazon Glue scripts. You can add, delete, or rotate the SSH key of a development endpoint.
As of September 4, 2018, Amazon KMS (bring your own key and server-side encryption) for Amazon Glue ETL and the Amazon Glue Data Catalog is supported.